Vulnerabilities > CVE-2017-10293

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
oracle
netapp
nessus

Summary

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

Vulnerable Configurations

Part Description Count
Application
Oracle
8
Application
Netapp
55

Nessus

  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_OCT_2017_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 1, 8 Update 151, 7 Update 161, or 6 Update 171. It is, therefore, affected by multiple vulnerabilities related to the following components : - 2D (Little CMS 2) - Deployment - Hotspot - JAX-WS - JAXP - Javadoc - Libraries - Networking - RMI - Security - Serialization - Smart Card IO - Util (zlib)
    last seen2020-06-01
    modified2020-06-02
    plugin id103964
    published2017-10-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103964
    titleOracle Java SE Multiple Vulnerabilities (October 2017 CPU) (Unix)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(103964);
      script_version("1.6");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id(
        "CVE-2016-9841",
        "CVE-2016-10165",
        "CVE-2017-10274",
        "CVE-2017-10281",
        "CVE-2017-10285",
        "CVE-2017-10293",
        "CVE-2017-10295",
        "CVE-2017-10309",
        "CVE-2017-10345",
        "CVE-2017-10346",
        "CVE-2017-10347",
        "CVE-2017-10348",
        "CVE-2017-10349",
        "CVE-2017-10350",
        "CVE-2017-10355",
        "CVE-2017-10356",
        "CVE-2017-10357",
        "CVE-2017-10388"
      );
      script_bugtraq_id(
        101315,
        101319,
        101321,
        101328,
        101333,
        101338,
        101341,
        101348,
        101354,
        101355,
        101369,
        101378,
        101382,
        101384,
        101396,
        101413
      );
    
      script_name(english:"Oracle Java SE Multiple Vulnerabilities (October 2017 CPU) (Unix)");
      script_summary(english:"Checks the version of the JRE.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Unix host contains a programming platform that is affected
    by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle (formerly Sun) Java SE or Java for Business
    installed on the remote host is prior to 9 Update 1, 8 Update 151,
    7 Update 161, or 6 Update 171. It is, therefore, affected by multiple
    vulnerabilities related to the following components :
    
      - 2D (Little CMS 2)
      - Deployment
      - Hotspot
      - JAX-WS
      - JAXP
      - Javadoc
      - Libraries
      - Networking
      - RMI
      - Security
      - Serialization
      - Smart Card IO
      - Util (zlib)");
      # https://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ffb85cfa");
      # https://www.oracle.com/technetwork/java/javase/9-0-1-relnotes-3883752.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dfeae1af");
      # http://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bbe7f5cf");
      # https://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2fbcacca");
      # http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?726f7054");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Oracle JDK / JRE 9 Update 1, 8 Update 151 / 7 Update 161 /
    6 Update 171 or later. If necessary, remove any affected versions.
    
    Note that an Extended Support contract with Oracle is needed to obtain
    JDK / JRE 6 Update 95 or later.");
      script_set_attribute(attribute:"agent", value:"unix");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-9841");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("sun_java_jre_installed_unix.nasl");
      script_require_keys("Host/Java/JRE/Installed");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each installed JRE.
    installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*");
    
    info = "";
    vuln = 0;
    vuln2 = 0;
    installed_versions = "";
    granular = "";
    
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "Host/Java/JRE/Unmanaged/";
      if (ver !~ "^[0-9.]+") continue;
    
      installed_versions = installed_versions + " & " + ver;
    
      # Fixes : (JDK|JRE) 9 Update 1 / 8 Update 151 / 7 Update 161 / 6 Update 171
      if (
        ver =~ '^1\\.6\\.0_([0-9]|[0-9][0-9]|1[0-6][0-9]|170)([^0-9]|$)' ||
        ver =~ '^1\\.7\\.0_([0-9]|[0-9][0-9]|1[0-5][0-9]|160)([^0-9]|$)' ||
        ver =~ '^1\\.8\\.0_([0-9]|[0-9][0-9]|1[0-4][0-9]|150)([^0-9]|$)' ||
        ver =~ '^1\\.9\\.0_00?([^0-9]|$)'
      )
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.6.0_151 / 1.7.0_161 / 1.8.0_151 / 1.9.0_1\n';
      }
      else if (ver =~ "^[\d\.]+$")
      {
        dirs = make_list(get_kb_list(install));
        foreach dir (dirs)
          granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n';
      }
      else
      {
        dirs = make_list(get_kb_list(install));
        vuln2 += max_index(dirs);
      }
    
    }
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Java are";
        else s = " of Java is";
    
        report =
          '\n' +
          'The following vulnerable instance'+s+' installed on the\n' +
          'remote host :\n' +
          info;
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
      if (granular) exit(0, granular);
    }
    else
    {
      if (granular) exit(0, granular);
    
      installed_versions = substr(installed_versions, 3);
      if (vuln2 > 1)
        exit(0, "The Java "+installed_versions+" installations on the remote host are not affected.");
      else
        audit(AUDIT_INST_VER_NOT_VULN, "Java", installed_versions);
    }
    
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_OCT_2017.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 1, 8 Update 151, 7 Update 161, or 6 Update 171. It is, therefore, affected by multiple vulnerabilities related to the following components : - 2D (Little CMS 2) - Deployment - Hotspot - JAX-WS - JAXP - Javadoc - Libraries - Networking - RMI - Security - Serialization - Smart Card IO - Util (zlib)
    last seen2020-06-01
    modified2020-06-02
    plugin id103963
    published2017-10-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103963
    titleOracle Java SE Multiple Vulnerabilities (October 2017 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(103963);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id(
        "CVE-2016-9841",
        "CVE-2016-10165",
        "CVE-2017-10274",
        "CVE-2017-10281",
        "CVE-2017-10285",
        "CVE-2017-10293",
        "CVE-2017-10295",
        "CVE-2017-10309",
        "CVE-2017-10345",
        "CVE-2017-10346",
        "CVE-2017-10347",
        "CVE-2017-10348",
        "CVE-2017-10349",
        "CVE-2017-10350",
        "CVE-2017-10355",
        "CVE-2017-10356",
        "CVE-2017-10357",
        "CVE-2017-10388"
      );
      script_bugtraq_id(
        101315,
        101319,
        101321,
        101328,
        101333,
        101338,
        101341,
        101348,
        101354,
        101355,
        101369,
        101378,
        101382,
        101384,
        101396,
        101413
      );
    
      script_name(english:"Oracle Java SE Multiple Vulnerabilities (October 2017 CPU)");
      script_summary(english:"Checks the version of the JRE.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a programming platform that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle (formerly Sun) Java SE or Java for Business
    installed on the remote host is prior to 9 Update 1, 8 Update 151,
    7 Update 161, or 6 Update 171. It is, therefore, affected by
    multiple vulnerabilities related to the following components :
    
      - 2D (Little CMS 2)
      - Deployment
      - Hotspot
      - JAX-WS
      - JAXP
      - Javadoc
      - Libraries
      - Networking
      - RMI
      - Security
      - Serialization
      - Smart Card IO
      - Util (zlib)");
      # https://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ffb85cfa");
      # https://www.oracle.com/technetwork/java/javase/9-0-1-relnotes-3883752.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dfeae1af");
      # http://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bbe7f5cf");
      # https://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2fbcacca");
      # http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?726f7054");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Oracle JDK / JRE 9 Update 1, 8 Update 151 / 7 Update 161 /
    6 Update 171 or later. If necessary, remove any affected versions.
    
    Note that an Extended Support contract with Oracle is needed to obtain
    JDK / JRE 6 Update 95 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-9841");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("sun_java_jre_installed.nasl");
      script_require_keys("SMB/Java/JRE/Installed");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each installed JRE.
    installs = get_kb_list_or_exit("SMB/Java/JRE/*");
    
    info = "";
    vuln = 0;
    installed_versions = "";
    
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "SMB/Java/JRE/";
      if (ver !~ "^[0-9.]+") continue;
    
      installed_versions = installed_versions + " & " + ver;
    
      # Fixes : (JDK|JRE) 9 Update 1 / 8 Update 151 / 7 Update 161 / 6 Update 171
      if (
        ver =~ '^1\\.6\\.0_([0-9]|[0-9][0-9]|1[0-6][0-9]|170)([^0-9]|$)' ||
        ver =~ '^1\\.7\\.0_([0-9]|[0-9][0-9]|1[0-5][0-9]|160)([^0-9]|$)' ||
        ver =~ '^1\\.8\\.0_([0-9]|[0-9][0-9]|1[0-4][0-9]|150)([^0-9]|$)' ||
        ver =~ '^1\\.9\\.0_00?([^0-9]|$)'
      )
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.6.0_171 / 1.7.0_161 / 1.8.0_151 / 1.9.0_1\n';
      }
    }
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Java are";
        else s = " of Java is";
    
        report =
          '\n' +
          'The following vulnerable instance'+s+' installed on the\n' +
          'remote host :\n' +
          info;
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else
    {
      installed_versions = substr(installed_versions, 3);
      if (" & " >< installed_versions)
        exit(0, "The Java "+installed_versions+" installations on the remote host are not affected.");
      else
        audit(AUDIT_INST_VER_NOT_VULN, "Java", installed_versions);
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2999.NASL
    descriptionAn update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 151. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388)
    last seen2020-06-01
    modified2020-06-02
    plugin id104116
    published2017-10-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104116
    titleRHEL 6 / 7 : java-1.8.0-oracle (RHSA-2017:2999)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201710-31.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201710-31 (Oracle JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Oracle&rsquo;s Java SE. Please review the referenced CVE identifiers for details. Impact : A remote attacker could cause a Denial of Service condition, modify arbitrary data, or have numerous other impacts. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id104232
    published2017-10-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104232
    titleGLSA-201710-31 : Oracle JDK/JRE: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3455-1.NASL
    descriptionThis update for java-1_7_1-ibm fixes the following issues : - Security update to version 7.1.4.15 [bsc#1070162] - CVE-2017-10349:
    last seen2020-06-01
    modified2020-06-02
    plugin id105506
    published2018-01-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105506
    titleSUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2017:3455-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3440-1.NASL
    descriptionThis update for java-1_7_1-ibm fixes the following issues : - CVE-2017-10349:
    last seen2020-06-01
    modified2020-06-02
    plugin id105482
    published2017-12-28
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105482
    titleSUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2017:3440-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3369-1.NASL
    descriptionThis update for java-1_6_0-ibm fixes the following issues: Security issues fixed : - Security update to version 6.0.16.50 (bsc#1070162) - CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id105388
    published2017-12-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105388
    titleSUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2017:3369-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3411-1.NASL
    descriptionThis update for java-1_8_0-ibm fixes the following issues: Security issues fixed : - Security update to version 8.0.5.5 (bsc#1070162) - CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10309 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2016-10165 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id105462
    published2017-12-26
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105462
    titleSUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:3411-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-3046.NASL
    descriptionAn update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 161. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388) Note: Starting with this update, Java web browser plugin and Java Web Start application are no longer included with Oracle Java SE 7. Refer to the Releases Notes and the Oracle Java SE Support Roadmap pages linked to in the References section for further information about this change.
    last seen2020-06-01
    modified2020-06-02
    plugin id104139
    published2017-10-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104139
    titleRHEL 6 / 7 : java-1.7.0-oracle (RHSA-2017:3046)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0061-1.NASL
    descriptionThis update for java-1_7_0-ibm fixes the following issues : - Security update to version 7.0.10.15 (bsc#1070162) : - CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2016-10165 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id105744
    published2018-01-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105744
    titleSUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:0061-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3235-1.NASL
    descriptionThis update for java-1_6_0-ibm fixes the following issues: Security issues fixed : - Security update to version 6.0.16.50 (bsc#1070162) - CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id120008
    published2019-01-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120008
    titleSUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2017:3235-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-3047.NASL
    descriptionAn update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 171. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388) Note: Starting with this update, Java web browser plugin and Java Web Start application are no longer included with Oracle Java SE 6. Refer to the Releases Notes and the Oracle Java SE Support Roadmap pages linked to in the References section for further information about this change.
    last seen2020-06-01
    modified2020-06-02
    plugin id104140
    published2017-10-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104140
    titleRHEL 6 / 7 : java-1.6.0-sun (RHSA-2017:3047)

Redhat

advisories
  • rhsa
    idRHSA-2017:2999
  • rhsa
    idRHSA-2017:3046
  • rhsa
    idRHSA-2017:3047
rpms
  • java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7
  • java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7
  • java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7
  • java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7
  • java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7
  • java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7
  • java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7
  • java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7